On my last post I was uploading some images to include in the post using WordPress. I noticed in my error logs that while resizing the images the PHP script attempts to raise the memory limit.

Feb 26 22:52:29 host suhosin[9636]: ALERT - script tried to increase memory_limit to 268435456 bytes which is above the allowed value (attacker 'XXX.XXX.XXX.XXX', file '/var/www/wordpress/wp-admin/includes/image.php', line 161)

This is fair enough and is a good idea for security and to stop your server getting overloaded by a single script. So I looked into how to fix this and its a very simple process.

You need to edit your suhosin config. I am doing this under Ubuntu 9.04 mine is located ‘/etc/php5/apache2/conf.d/suhosin.ini’. To fix it for WordPress just add the setting `suhosin.memory_limit` to the config file with the appropriate value in the case of WordPress it needs to be set to 256.

Your config should end up looking like this

extension=suhosin.so
[suhosin]
suhosin.memory_limit = 256M

that is it really very simple. I am going to have a bit of a tweak with suhosin config later I think the default config can be improved a lot.

Share this post

7 Comments

  1. JL

    Hey, aren’t you missing the M at the end of suhosin.memory_limit = 256?

    • Mark Davidson

      Yes your correct. I’ve updated the post, thanks for pointing it out.

  2. Håkan

    Hi, thanks for putting this up; my server just freaked out with a cpu spiked at 100% for an hour… apparently (or AFAIK at the moment) this is related to this so I’ll try your tip and see if it resolves my problem even though I can’t be sure as everything now seems to be okay after a reboot.

    However, you’ve misspelled the config filename as ‘/etc/php5/apache2/conf.d/suhosin.in’ whereas the actual file name is suhosin.ini.

    Cheers,

    Håkan

  3. […] Jediné, co mě zatím z dostupné konfigurace napadlo je potenciální problém s instalovaným Suhosinem. Zkuste projít jeho konfiguraci, zda tam není nějaké další omezené paměti, podrobnosti viz např. tento článek […]

  4. jservices

    As a webhost I gotta say just giving your script more memory is a bad idea unless you have your own server. Think about it, 256 megs allocated for 1 website on a shared host is just not realistic. WordPress should manage its memory requirements much better, don’t you think?

Leave a Reply

CAPTCHA (required) Time limit is exhausted. Please reload CAPTCHA.